Python

在使用 Ansible 劇本時,您如何儲存和使用包含引號或其他元字元的密碼,而不會對其進行互動?

  • June 1, 2020

我的公司使用 Ansible(我是新手),我們有一個劇本和相關角色,用於將新的 Linux 機器加入 AD。我們的管理員帳戶的密碼每天滾動 3 次,我們無法自行設置。只要密碼中沒有(單'引號),Ansible 劇本就可以工作。可能還有其他字元會導致它崩潰,但我知道'肯定會這樣做。

以下是腳本的相關位:

cat setup-ad.yml

---
- hosts: "{{ hosts }}"

 vars_prompt:
 - name: "username"
   prompt: "Enter admin account"
   private: no

 - name: "password"
   prompt: "Enter Password"
   unsafe: yes
   private: yes

 vars:
   domain: "{{ 'mycompany.com' }}"
   passwd: "{{ password | regex_escape() }}"

 roles:
 - join-ad
grep -B2 -A3 'passwd' ./roles/join-ad/tasks/main.yml

 - name: join to active directory
   command: net ads join MYCOMPANY.COM -U {{ username }}@MYCOMPANY.COM%'{{ passwd }}' createcomputer=Restricted/Servers/Unix --request-timeout=120 --no-dns-updates
   no_log: false
   when: ansible_distribution_major_version >= 6

 - name: join to active directory
   command: net ads join MYCOMPANY.COM -U {{ username }}@MYCOMPANY.COM%'{{ passwd }}' createcomputer=Restricted/Servers/Unix --request-timeout=120
   no_log: false
   when: ansible_distribution_major_version <= 5

我們得到的錯誤是:

TASK [join-ad : join to active directory] ************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: No closing quotation
fatal: [newserver.mycompany.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to newserver.mycompany.com closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n  File \"/root/.ansible/tmp/ansible-tmp-1590785720.2-224244797633747/AnsiballZ_command.py\", line 102, in <module>\r\n    _ansiballz_main()\r\n  File \"/root/.ansible/tmp/ansible-tmp-1590785720.2-224244797633747/AnsiballZ_command.py\", line 94, in _ansiballz_main\r\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n  File \"/root/.ansible/tmp/ansible-tmp-1590785720.2-224244797633747/AnsiballZ_command.py\", line 40, in invoke_module\r\n    runpy.run_module(mod_name='ansible.modules.commands.command', init_globals=None, run_name='__main__', alter_sys=True)\r\n  File \"/usr/lib64/python2.7/runpy.py\", line 176, in run_module\r\n    fname, loader, pkg_name)\r\n  File \"/usr/lib64/python2.7/runpy.py\", line 82, in _run_module_code\r\n    mod_name, mod_fname, mod_loader, pkg_name)\r\n  File \"/usr/lib64/python2.7/runpy.py\", line 72, in _run_code\r\n    exec code in run_globals\r\n  File \"/tmp/ansible_command_payload_4D4oFT/ansible_command_payload.zip/ansible/modules/commands/command.py\", line 344, in <module>\r\n  File \"/tmp/ansible_command_payload_4D4oFT/ansible_command_payload.zip/ansible/modules/commands/command.py\", line 263, in main\r\n  File \"/usr/lib64/python2.7/shlex.py\", line 279, in split\r\n    return list(lex)\r\n  File \"/usr/lib64/python2.7/shlex.py\", line 269, in next\r\n    token = self.get_token()\r\n  File \"/usr/lib64/python2.7/shlex.py\", line 96, in get_token\r\n    raw = self.read_token()\r\n  File \"/usr/lib64/python2.7/shlex.py\", line 172, in read_token\r\n    raise ValueError, \"No closing quotation\"\r\nValueError: No closing quotation\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *******************************************************************************************************
newserver.mycompany.com : ok=9    changed=0    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0

好的,所以問題是在某些時候'被解釋為引用的一系列字元的開頭,而不是簡單的密碼的一部分。我的問題是我不知道如何獲得 Ansible?Python?亞美爾?金賈?將使用者輸入的字元串視為字元串。“字元串文字”在這裡是正確的術語嗎?

如果我 ssh 到目標伺服器並net ads join手動執行命令,並讓它提示輸入我的密碼,它甚至可以'在其中使用,所以至少我知道問題不是 Samba 命令。

我嘗試過的事情(沒有幫助)是:

  • 在周圍添加“硬引號”{{ passwd }}
  • 添加unsafe: yes到密碼定義
  • 添加passwd: "{{ password | regex_escape() }}"轉​​義元字元
  • 在 Stack 和 Google 上進行大量網際網路搜尋

任何和所有的幫助將不勝感激。

這可能是您正在尋找的

- command: "net ads join MYCOMPANY.COM
           -U {{ username }}@MYCOMPANY.COM%{{ passwd|quote }}
           createcomputer=Restricted/Servers/Unix --request-timeout=120"

請參閱YAML 問題字元串過濾器

引用自:https://serverfault.com/questions/1019253